IN THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims 

1. (Currently Amended) A method for reducing the occurrence of unauthorized use of
on-line resources, comprising:

receiving a message indicating a request from a user to use on-line resources; 
determining whether the request requires authentication; 

enabling the request to be fulfilled without authentication if the determination
indicates that authentication is not required;

obtaining an indicia of physical identification from the user if the determination instead 
indicates that authentication is required; 

comparing the obtained indicia to a stored indicia for the user; and 

enabling the request to be fulfilled if the obtained indicia matches the stored indicia. 

2. (Currently Amended) A method according to claim 1, wherein the step of determining 
whether the request requires authentication includes: 

retrieving determining whether a stored profile for the user indicates that containing the
user's historical authentication patterns with respect to a plurality of network elements;

identifying certain of the plurality of network elements in the stored profile as being
associated with the requested on-line resource;

determining a score for the user based on the user's historical authentication
patterns with the certain network elements; and

determining whether authentication is required for this request to use the on-line
resource based on the score.

3. (Currently Amended) A method according to claim 1, further comprising:

storing business rules for a plurality of companies having on-line resources;

identifying a company associated with the requested on-line resource from among
the plurality of companies; and 

retrieving the stored business rules for the identified company. 

wherein the step of determining whether the request requires authentication includes 
determining whether stored business rules for [[a]] the identified company associated with the
requested on-line resource indicates that authentication for the user is required. 

4. (Original) A method according to claim 3, wherein the step of determining whether the
stored business rules requires authentication includes: 

determining whether the user is listed by the company as always requiring authentication; 

and 

requiring authentication if the user is listed. 

5. (Original) A method according to claim 3, wherein the step of determining whether the
stored business rules requires authentication includes: 

determining whether the user is listed by the company as never requiring authentication; 

and 

not requiring authentication if the user is listed. 

6. (Original) A method according to claim 3, wherein the step of determining whether the
stored business rules requires authentication includes:

determining whether the user is listed by the company as being completely denied access;

and 

completely denying access to the requested on-line resources if the user is listed. 

7. (Original) A method according to claim 1, wherein the step of determining whether the
request requires authentication includes determining whether the request is indicative of 
fraudulent behavior. 

8. (Original) A method according to claim 7, wherein the fraudulent behavior is one or 
more of a collision violation, a velocity violation, and a customized trigger.

9. (Canceled)

10. (Currently Amended) A method according to claim [[9]] 1,
determining whether the request satisfies other criteria includes further comprising:

determining whether the request is a card transaction; 

determining whether restrictions applied to the user and an account associated with the 
request are satisfied by a purchase associated with the request; and 
denying the request if the restrictions are not satisfied. 

11. (Original) A method according to claim 10, wherein the restrictions are one or more of
type of goods to be purchased, amount of purchase, time of purchase and location of purchase. 

12. (Currently Amended) A method according to claim [[9]] 1, wherein the step of
determining whether the request satisfies other criteria includes further comprising:

determining whether the request is an account transaction; 

determining whether restrictions applied to an account associated with the account 
transaction are satisfied by the request; and 

denying the request if the restrictions are not satisfied. 

13. (Original) A method according to claim 12, wherein the restrictions are one or more of 
frequency of access and time of access. 

14. (Currently Amended) A method according to claim [[9]] 1, wherein the step of
determining whether the request satisfies other criteria includes further comprising:

determining whether the request is an account transaction; 

determining whether use of the requested on-line resources are restricted for an account 
associated with the user; and 

denying the request if the requested on-line resources are restricted for the account. 

15. (Currently Amended) A method according to claim [[9]] 1, wherein the step of
determining whether the request satisfies other criteria includes further comprising:

determining whether the request is a control transaction;
determining whether restrictions applied to the user associated with the control 
transaction are satisfied by the request; and 

denying the request if the restrictions are not satisfied. 

16. (Original) A method according to claim 15, wherein the restrictions are one or more of a 
parent control and an other control. 

17. (Canceled) 

18. (Currently Amended) A method according to claim [[17]] 1, wherein the indicia
comprises a biometric that is one or more of a fingerprint, a voiceprint, a palmprint, an eye scan, 
and a handwriting sample. 

19. (Currently Amended) A method according to claim [[1]] 3, further comprising
providing access to the plurality of companies to allow them to configure configuring a their
own individual set of stored business rules that are used in the determining step.

20. (Currently Amended) An apparatus for reducing the occurrence of unauthorized use of 
on-line resources, comprising: 

means for receiving a message indicating a request from a user to use on-line resources; 

means for determining whether the request requires authentication; 

means for enabling the request to be fulfilled without authentication if the 
determination indicates that authentication is not required;

means for obtaining an indicia of physical identification from the user if the 
determination instead indicates that authentication is required; 

means for comparing the obtained indicia to a stored indicia for the user; and 

means for enabling the request if the obtained indicia matches the stored indicia.

21. (Currently Amended) An apparatus according to claim 20, wherein the means for
determining whether the request requires authentication includes:

means for retrieving determining whether a stored profile for the user indicates that
containing the user's historical authentication patterns with respect to a plurality of
network elements;

means for identifying certain of the plurality of network elements in the stored
profile as being associated with the requested on-line resource;

means for determining a score for the user based on the user's historical 
authentication patterns with the certain network elements; and 

means for determining whether authentication is required for this request to use the 
on-line resource based on the score.

22. (Currently Amended) An apparatus according to claim 20, further comprising: 
means for storing business rules for a plurality of companies having on-line
resources;

means for identifying a company associated with the requested on-line resource
from among the plurality of companies; and

means for retrieving the stored business rules for the identified company. 

wherein the means for determining whether the request requires authentication includes 
means for determining whether [[a]] stored profile business rules for [[a]] the identified
company associated with the requested on-line resource indicates that authentication for the user
is required.

23. (Original) An apparatus according to claim 22, wherein the means for determining 
whether the stored business rules requires authentication includes: 

means for determining whether the user is listed by the company as always requiring 
authentication; and 

means for requiring authentication if the user is listed. 

24. (Original) An apparatus according to claim 22, wherein the means for determining 
whether the stored business rules requires authentication includes: 

means for determining whether the user is listed by the company as never requiring 
authentication; and

means for not requiring authentication if the user is listed.

25. (Original) An apparatus according to claim 22, wherein the means for determining 
whether the stored business rules requires authentication includes: 

means for determining whether the user is listed by the company as being completely 
denied access; and 

means for completely denying access to the requested on-line resources if the user is
listed.

26. (Original) An apparatus according to claim 20, wherein the means for determining 
whether the request requires authentication includes means for determining whether the request 
is indicative of fraudulent behavior. 

27. (Original) An apparatus according to claim 26, wherein the fraudulent behavior is one or 
more of a collision violation, a velocity violation, and a customized trigger. 

28. (Canceled) 

29. (Currently Amended) An apparatus according to claim [[28]] 20, wherein the means
for determining whether the request satisfies other criteria includes further comprising:

means for determining whether the request is a card transaction; 

means for determining whether restrictions applied to the user and an account associated 
with the request are satisfied by a purchase associated with the request; and 
means for denying the request if the restrictions are not satisfied. 

30. (Original) An apparatus according to claim 29, wherein the restrictions are one or more 
of type of goods to be purchased, amount of purchase, time of purchase and location of purchase. 

31. (Currently Amended) An apparatus according to claim [[28]] 20, wherein the means
for determining whether the request satisfies other criteria includes further comprising:

means for determining whether the request is an account transaction;

means for determining whether restrictions applied to an account associated with the
account transaction are satisfied by the request; and 

means for denying the request if the restrictions are not satisfied. 

32. (Original) An apparatus according to claim 31, wherein the restrictions are one or more 
of frequency of access and time of access. 

33. (Currently Amended) An apparatus according to claim [[28]] 20, wherein the means
for determining whether the request satisfies other criteria includes further comprising:

means for determining whether the request is an account transaction; 

means for determining whether use of the requested on-line resources are restricted for an 
account associated with the user; and 

means for denying the request if the requested on-line resources are restricted for the 
account. 

34. (Currently Amended) An apparatus according to claim [[28]] 20, wherein the means
for determining whether the request satisfies other criteria includes further comprising:

means for determining whether the request is a control transaction; 
means for determining whether restrictions applied to the user associated with the control 
transaction are satisfied by the request; and 

means for denying the request if the restrictions are not satisfied. 

35. (Original) An apparatus according to claim 34, wherein the restrictions are one or more 
of a parent control and an other control. 

36. (Canceled) 

37. (Currently Amended) An apparatus according to claim 36, wherein the indicia 
comprises a biometric that is one or more of a fingerprint, a voiceprint, a palmprint, an eye scan,
and a handwriting sample.

38. (Original) An apparatus according to claim [[20]] 22, further comprising means for



39. (Currently Amended) An apparatus for reducing the occurrence of unauthorized use of 
on-line resources, comprising: 

a server that is adapted to communicate with a network based service so as to receive a 
message indicating a request from a user to use the network based service; 

a rules subsystem coupled to the server that determines whether the request requires 
authentication, the rules subsystem causing the server to enable the request to be fulfilled
without authentication if the determination indicates that authentication is not required
and causes the server to obtain an indicia of physical identification from the user if the rules
subsystem instead determines that authentication is required; and

an authentication subsystem coupled to the server and the controller that compares the 
obtained indicia to a stored indicia for the user, 

wherein the server sends a signal to the network based service that the request is to be 
fulfilled if the authentication subsystem determines that the obtained indicia matches the stored 
indicia. 

40. (Currently Amended) An apparatus according to claim 39, further comprising:

a database coupled to the [[controller]] rules subsystem, the database maintaining a
stored profile for the user indicates that containing the user's historical authentication
patterns with respect to a plurality of network elements,

wherein the controller rules subsystem is adapted to retrieve the user's stored profile
acccpging historical mica from the database in response to the request, identify certain of the
plurality of network elements in the stored profile as being associated with the requested
on-line resource, determine a score for the user based on the user's historical
authentication patterns with the certain network elements, and to determine whether
authentication is required for the user for current transaction this request to use the on-line
resource based on the score.

41. (Currently Amended) An apparatus according to claim 39, further comprising:



associated with the requested on-line resource from among the plurality of companies,
retrieve the stored business rules for the identified company from the database, and
determine whether [[a]] the stored business rules for the identified company associated with
the requested on-line resource requires authentication for the user. 

42. (Canceled) 

43. (Currently Amended) An apparatus according to claim [[42]] 39, further comprising
a user profile subsystem coupled to the server which is adapted to determine whether the
request is indicative of fraudulent behavior, wherein the fraudulent behavior is one or more of
a collision violation, a velocity violation, and a customized trigger. 

44. (Canceled) 

45. (Currently Amended) An apparatus according to claim [[44]] 39, wherein the indicia 
is a biometric, the apparatus further comprising a database that stores a plurality of
biometrics for a respective plurality of users, and wherein the biometric is one or more of a 
fingerprint, a voiceprint, a palmprint, an eye scan, and a handwriting sample. 

46. (New) A method according to claim 2, wherein the step of determining the score 
includes: 

applying a weight to each of the certain network elements based on a relative importance 
of the certain network elements; 

evaluating the user's historical relationship with each of the certain network elements; 

and 

aggregating the score using the weighted evaluations. 



a database coupled to the controller rules subsystem, the database storing business
rules for a plurality of companies having on-line resources,

47. (New) A method according to claim 46, further comprising:

allowing a system administrator to configure the respective weights for the plurality of 
network elements.

48. (New) An apparatus according to claim 21, wherein the means for determining the score
includes: 

means applying a weight to each of the certain network elements based on a relative 
importance of the certain network elements; 

means evaluating the user's historical relationship with each of the certain network 
elements; and 

means for aggregating the score using the weighted evaluations. 

49. (New) An apparatus according to claim 48, further comprising: 

means for allowing a system administrator to configure the respective weights for the
plurality of network elements. 

50. (New) An apparatus according to claim 41, wherein the rules subsystem is further 
adapted to apply a weight to each of the certain network elements based on a relative importance 
of the certain network elements, evaluate the user's historical relationship with each of the 
certain network elements, and aggregate the score using the weighted evaluations. 

51. (New) An apparatus according to claim 50, further comprising:

an administrator service that allows a system administrator to configure the respective 
weights for the plurality of network elements.